I'm building a Laravel site that has multi-tenant capability. Each tenant (which I'll call a "site," as in a physical location, from here on out) can have multiple users, and some users can be associated with multiple sites; hence I have a many-to-many relationship between my sites and users table, with the required intermediate site_user table to handle the relationships. So far so good.
I'm also using Entrust to handle three classes of users - owner, admin, and user. In theory, each user should have roles per site. That means that User 1 may have the admin role on Site A, but only the user role on Site B. If I follow the Entrust docs, I'm told to attach a role to a user. But that won't work for me, because if I associate User 1 with Site A and Site B and make him an admin he would then be an admin for Site A and Site B. Conceptually I feel like the role should be attached to the intermediate site_user table somehow, perhaps as another field on that table, but I'm not sure how I'd retrieve that field. Another possibility that came to mind was putting a many-to-many relationship between that intermediate table and the roles table, in effect creating a role_site_user table, but again I'm not sure how I'd actually retrieve that information. Has anyone ever tried what I'm suggesting and have a good way to generate per-tenant roles and permissions for a user?
Related
I developed some systems with laravel before, but only with the default user doing the login, now I have to develop a new system with 3 types of users, each one connected to different tables in the database doing different things, in What it could The investigation can be done with roles connected to the users table and this does not help me and my database model is full of recursive relationships that I have been asked to avoid at all costs.
How can I manage different types of user by login without resorting to using roles?
I usually use laravel-permission. Simple and the doc is very clear. Regarding the database, laravel-permission has a roles table that consists of the roles and another table with permissions so you don't need to create a table for each role. Give it a try!
i am working on a multi user application where i have two tables for authentication, admins table and users table.
currently when a user registers, their information gets saved in the admins
table(which automatically makes them admins for the registered account) and are authenticated using the same table.
These admins can create other users and assign roles and permisions to restrict them from accessing certain information associated with that account.
These users are saved in the users table with admin_id to track which account they belong to,they are authenticated using the same users table.
Now my issue is how to track all records created by all these different users of the account.
For instance when and admin creates a post, the admin_id will be used to track the post and when a user creates a post the user_id will be used to track the post and with the help of a hasManyThrough relationship between the Admin,User and Post models all posts associated with the account can be obtained and displayed to the admin.
But for a case where a user is given the permision to view all posts associated with the account i do not know how this is going to work.
Initially, what i wanted to do to avoid all these confusion was, during authentication,i would just get the id (if admins table is being used for auth) or admin_id (if users table is being used) and store as account_id in localstorage or session.
This way, account_id will be the same for all the different users of the account and posts created by an admin of an account will be tracked with the same id as posts created by different users of the same account.
So is this approach good enough?
Is there a better approach to this problem?
and finally is this a dumb question?
Help me out guys!
Thanks in advance.
I want to create a RBAC system in laravel where a user can belong to several roles, and each role can have several permissions. The middleware should check if the user has a certain permission (within any of their roles) before it continues with the request.
I am able to implement a case where
A user belongs to one role which has many permissions
A user belongs to several roles which are used to determine access control (without the permissions bit)
I need to implement a user with multiple roles having multiple permissions. Any pointers?
If you are not interested in coding this yourself the a package like Laravel permissions would do exactly what you want.
https://github.com/spatie/laravel-permission
Otherwise you need to create pivot tables between the users ans their roles and the roles and their permissions
So you would have a user_roles table that would consist of user_id and role_I'd.
You would also have a role_permissions table which would have role_id and permission_id.
This would allow you to have many to many relationship and have many through relationship to get straight from user to role and role to user.
Hope that helps
As an overview. You need to have a roles table in your database which defines different types of user's your application can have , Like (Admin, Author, Editor, Moderator etc)
You also need to define a table role_user which contains data on which user has which role. This will be a Many to Many relationship since a user can have multiple roles.
Next you need to define a Middleware CheckRole which basically checks if user has a particular role. You can use this Middleware on different parts of your application to restrict authentication.
You might find this tutorial useful :
https://www.5balloons.info/user-role-based-authentication-and-access-control-in-laravel/
I plan to develop a system that has three user types (admin, business, personal). I want to have each user types information stored in a separate table for easy access and to reduce the number of blank fields (if they were all in one table).
Having looked at multiple Multi-auth packages available for Laravel, they all appear to be insisting on an approach with URLs like the following:
/admin/login
/business/login
/personal/login
Ideally, I would like to take an approach where the standard Laravel Auth /login can be used meaning that all users log in from the same page.
My knowledge of Laravel is limited so all and any help is appreciated.
The usual approach is to have one users table which has the ID/email/username (as primary key), login credentials and user types for all the users which will be logging into the system. The information however can be stored in separate tables for each type, referencing the foreign key.
After authenticating the user, then you can decide what to do with the user based on the user type.
If you store login credentials in multiple tables, that's data redundancy. Unless you want the same email/username to have more than one user type, but then during login, the user has to decide which user type they want to log into (maybe by selecting a dropdown option).
Update: about user roles
If you need to simply redirect users after logging in, use $redirectTo. Or if you need to decide what to do with the users depending on the roles after logging, you can make use of authenticated() method (add this method if it's not already there, it will overwrite the AuthenticatesUsers trait) inside your AuthController/LoginController.
Throughout your application, I'd suggest assigning middleware to route groups to restrict routes based on user roles. And yes, in your views and controllers you can use something like if(Auth::user()->hasRole('business')) when needed, but first you'll need to create the hasRole() method in your User model. If you feel it's getting complicated, you may try packages like laravel-permission and Entrust. I haven't tried them though :)
since laravel's built in authentication uses user model? For example I want to separate the admin from the user so I will build two different layers in my application, the admin and the user. How can I achieve this to laravel since it's default auth uses users table and user model?
In my opinion, there's no real need to separate the two. Administrators and typical users can exist on the same database table, because they are both users but can have different permissions.
It seems like you're just looking for a typical permissions system (ACL). There's multiple packages available that can help you handle this.
Orchestra Auth
Sentinel
Entrust
Normally as an admin is still an user you give them a role column and let say you have : users, moderators and admins. Then you got role 0,1,2 for them. Just make it an enum and if you need to check in Laravel use : Auth::user()->role == 2 for example of admin rights :)